Prepare release

Author: Erlang/OTP

lib/inets/doc/src/notes.xml

@@ -33,7 +33,34 @@
     <file>notes.xml</file>
   </header>
 
-  <section><title>Inets 9.1.0.2</title>
+  <section><title>Inets 9.1.0.3</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p>Fixed a bug where a request sent to httpd server which
+	    is using CGI script to generate a response, would pollute
+	    server's environment variable - <c>HTTP_PROXY</c> for
+	    that request. This bug is also known as httpoxy. More
+	    information: CVE-2016-1000107 </p>
+          <p>
+	    Own Id: OTP-19729 Aux Id: PR-6223, GH-3392 </p>
+        </item>
+        <item>
+	    <p>Fixed a RFC 2616 violation, where a http request, made
+	    by httpc, without providing any options, would be sent
+	    with an empty TE header, without also having a TE value
+	    in the connection header. Now the default request doesn't
+	    send a TE header at all.</p>
+          <p>
+	    Own Id: OTP-19760 Aux Id: PR-10120, GH-10065 </p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Inets 9.1.0.2</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>

lib/inets/vsn.mk

@@ -19,6 +19,6 @@
 # %CopyrightEnd%
 
 APPLICATION = inets
-INETS_VSN   = 9.1.0.2
+INETS_VSN   = 9.1.0.3
 PRE_VSN     =
 APP_VSN     = "$(APPLICATION)-$(INETS_VSN)$(PRE_VSN)"

lib/ssh/doc/src/notes.xml

@@ -30,6 +30,53 @@
     <file>notes.xml</file>
   </header>
 
+<section><title>Ssh 5.1.4.12</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p>Option max_handles can be configured for sshd running
+	    SFTP. The positive integer value limits amount of file
+	    handles opened for a connection (by default 4096 is
+	    used).</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-19701 Aux Id: CVE-2025-48041, PR-10157 </p>
+        </item>
+        <item>
+	    <p>Avoid decoding KEX messages providing too many
+	    algorithms. This change does not introduce new limitation
+	    but assures it is enforced earlier in processing chain.
+	    Adjustments in error logging during handshake.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-19741 Aux Id: CVE-2025-48040, PR-10162 </p>
+        </item>
+        <item>
+	    <p>A new 'max_path' option is now available in the sshd
+	    configuration, allowing administrators to set the maximum
+	    allowable path length. By default, this value is set to
+	    4096 characters.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-19742 Aux Id: CVE-2025-48039, PR-10155 </p>
+        </item>
+        <item>
+	    <p>Reject file handles exceeding size specified in RFCs
+	    (256 bytes).</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-19748 Aux Id: CVE-2025-48038, PR-10156 </p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Ssh 5.1.4.11</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>

lib/ssh/vsn.mk

@@ -1,4 +1,4 @@
 #-*-makefile-*-   ; force emacs to enter makefile-mode
 
-SSH_VSN = 5.1.4.11
+SSH_VSN = 5.1.4.12
 APP_VSN    = "ssh-$(SSH_VSN)"

make/otp_version_tickets

@@ -1,8 +1,6 @@
-OTP-19673
-OTP-19683
-OTP-19691
-OTP-19697
-OTP-19699
-OTP-19702
-OTP-19707
-OTP-19710
+OTP-19701
+OTP-19729
+OTP-19741
+OTP-19742
+OTP-19748
+OTP-19760